In this work, we propose a general solution to address the non-IID challenges that hinder many defense methods against backdoor attacks in federated learning. Backdoor attacks involve malicious clients attempting to poison the global model. While many defense methods effectively filter out these malicious clients using clustering techniques, their effectiveness diminishes when the federated learning process involves non-IID datasets. In such cases, clustering methods struggle to distinguish between benign and malicious clients due to the inherent variability in the clients' data distributions.
Our proposed solution leverages data generation to mitigate the non-IID nature of clients' local datasets. By generating synthetic data, the datasets become more IID, enabling defense methods to once again effectively counter backdoor attacks. Evaluations are carried out on standard datasets in the image classification fields, like MNIST and CIFAR-10. The results show that the data generation solution can effectively improve the performance of defense methods and filter out malicious clients again. Although the generated data samples may suffer from low quality and limited diversity due to constraints in training the generative adversarial networks (GANs), our approach demonstrates significant improvements in defending against backdoors.

A Generative Adversarial Network (GAN) is a deep-learning generative model in the field of Ma- chine Learning (ML) that involves training two Neural Networks (NN) using a sizable data set. In certain fields, such as medicine, the data involved in training may be hospital patient records that are stored across different hospitals. The classic cen- tralized implementation would involve sending the data to a centralized server where the model would be trained. However, that would involve breach- ing the privacy and confidentiality of the patients and their data, and would be unacceptable. There- fore, Federated Learning (FL), a ML technique that trains ML models in a distributed setting without data every leaving the host device, would be a bet- ter alternative to the centralized option. In this ML technique, only parameters and certain meta- data would be communicated. In spite of that, there still exist attacks that can infer user data using the parameters and metadata. A fully privacy preserv- ing solution involves homomorphically encrypting (HE) the data communicated. This paper will focus on the performance loss of training a FL-GAN with three different types of homomorphic encryption: Partial Homomorphic Encryption (PHE), Some- what Homomorphic Encryption (SHE), and Fully Homomorphic Encryption (FHE). We will also test the performance loss of Multi Party Computations (MPC), as it has homomorphic properties. The per- formance will be compared to the performance of training an FL-GAN without encryption. Our ex- periments show that the more complex the encryp- tion method is, the longer it takes, with the extra time taken for HE being quite significant in com- parison to the base case of FL.

Machine learning has been applied to almost all fields of computer science over the past decades. The introduction of GANs allowed for new possibilities in fields of medical research and text prediction. However, these new fields work with ever more privacy-sensitive data. In order to maintain user privacy, a combination of federated learning, differential privacy and GANs can be used to work with private data without giving away a users' privacy. Recently, two implementations of such combinations have been published: DP-Fed-Avg GAN and GS-WGAN. This paper compares their performance and introduces an alternative version of DP-Fed-Avg GAN that makes use of denoising techniques to combat the loss in accuracy that generally occurs when applying differential privacy and federated learning to GANs. We also compare the novel adaptation of denoised DP-Fed-Avg GAN to the state-of-the-art implementations in this field.

Federated learning is an emerging concept in the domain of distributed machine learning. This concept has enabled GANs to benefit from the rich distributed training data while preserving privacy However,in a non-iid setting, current federated GAN architectures are unstable, struggling to learn the distinct features and vulnerable to mode collapse. In this paper, we propose a novel architecture MULTIFLGAN to solve the problem of low-quality images, mode collapse and instability for non-iid datasets. Our results show that MULTI-FLGAN is four times as stable and performant (i.e. high inception score) on average over 20 clients compared to baseline FLGAN.

Federated learning (FL), although a major privacy improvement over centralized learning, is still vulnerable to privacy leaks. The research presented in this paper provides an analysis of the threats to FL Generative Adversarial Networks. Furthermore, an implementation is provided to better protect the data of the participants with Trusted Execution Environments (TEEs), using Intel Software Guard Extensions. Lastly, the viability of it’s use in practice is evaluated and discussed. The results indicate that this approach protects the data, while not affecting the predicting capabilities of the model, with a noticeable but manageable impact on the training duration.

Federated learning (FL) is a new paradigm that allows several parties to train a model together without sharing their proprietary data. This paper investigates vertical federated learning, which addresses scenarios in which collaborating organizations own data from the same set of users but with differing features. The survey provides an overview of how five alternative Vertical Federated
Learning frameworks function, as well as a description of their performance and security assurances. A thorough comparison of how each of the alternatives handles the trade-offs between data privacy, framework performance, and model performance is extracted based on the examined frameworks.
This allows the reader to form an opinion about benefits and disadvantages of various techniques across the vertical federated learning landscape.